Accountability

Article 24 further places the onus for accountability on controllers and processors, which are required to

"implement appropriate technical and organisational measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with this Regulation. These measures shall be reviewed and updated where necessary".

Compliance must be readily demonstrable to individuals and supervisory authorities, and failure to demonstrate it may lead to a fine of up to €10,000,000 or 2% of annual turnover.

The requirements for controllers include:

the implementation of appropriate data protection policies

adherence to approved codes of conduct

complying with the concepts of "data protection by design and by default"